NAT Router question.

Access Confusion

This is more of a posting of my understanding of how DYNDNS works with NAT routers. My questions are whether my understanding is correct, and whether anyone might have anything to add, clarify or correct in my understanding. Whether it's right or not, this may help others avoid confusion.

When I first set up my account, I used my external (router) IP, but it didn't seem to work. I changed the IP used in the account to the internal IP of the server, and that seemed to work. Problems were seen as soon as I asked someone to access the server from outside the LAN.

So I changed the account IP back to the router's external IP, and my remote user got my router's control panel (not good right?). So I had him check around in the router settings. He discovered the router was set to allow remote administration, so he turned that off, and was then directed to the local server just as he should be. But it doesn't end there.

Now, when I attempt to access the server, from INSIDE the LAN, I get the router control panel.

So here's what I've learned:

1. If you run a server behind a NAT router, DON'T bother testing the host name from within your LAN. All that will do is confuse you.
2. Test the host name from OUTSIDE the LAN.
3. From within the LAN, the external and internal IP's of essentially lead to the same place (the router CP).
4. From within the LAN, the server IP must be used, not the router external IP (which is where the account host name leads ~ so you will end up at the router CP).
5. If you test the account host name from outside the LAN (or have someone else do it for you), and it works, it doesn't matter that the host name leads you to the CP, though it may seem disconcerting.

If anyone has anything to correct or add to this, please do!

Some additional stuff if you're thinking of using a custom Xampp home page and SSL:

ALSO, the following may be helpful to anyone thinking running a Xampp server with a custom home page (accessing the server directly leads to your own custom built home page instead of the Xampp home page CP), which I know a lot of us are, AND you are implementing SSL security as in the instructions from http://robsnotebook.com/xampp-ssl-encrypt-passwords, some of the links you use will require a FULL PATH, including the "https" otherwise the http links will get "object not found" errors. Because you are using full path links, these links must contain "https://[yourhostname]/path, which will work fine outside the LAN, but will not work within the LAN (remember, [yourhostmname} leads to your router, not the server), since the LAN needs the internal address (https://[server_internal_ip]/path). This means you need two different pages, one for internal LAN use, and the other for LAN use. Here's how I took care of that:

If you want to be able to use your custom home page both from external (internet) computers AND from within the LAN, you will need two custom home pages. One for external users, and one for LAN users.

I have mine set up with links to access Xampp CP and phpMyAdmin (both folders for these are .htaccess password protected). Line 8 in htdocs/index.php reads "header('Location: '.$uri.'/xampp/');" which I changed to "header('Location: '.$uri.'/index2.php');", which is my new landing page for internet users.

The problem with this page (index2.php) is that it contains https links with [myhostname] (from DYNDNS). So I created an index3.php, with links to Xaamp and phpMyAdmin that look like this: "https://[internal_server_ip]/path."

Then set up .htaccess and .htpasswd, with redirect commands like this:

# permanently redirect specific IP request for single page  
RewriteEngine On 
RewriteBase / 
RewriteCond %{REMOTE_HOST} 192\.168\.2  
RewriteCond %{REQUEST_URI} index2.php$ 
RewriteRule .* index3.php [R=301,L] 

"192.168.2" (without the final digits) includes every computer on my LAN, and forces them to redirect to index3.php.

If you don't know how to set up a .htpasswd file, google it. instructions are all over the web, but if you run windows, you will probably find that the recommended password generators don't work for you. Use this one if you are running Xampp on Windows: http://www.htaccesstools.com/htpasswd-generator/

If anyone has any thoughts on the IP/internal/external access part, feel free to comment.

The rest is just (hopefully) helpful information for anyone that might want it.